1NAMED.CONF(5)                       BIND 9                       NAMED.CONF(5)
2
3
4

NAME

6       named.conf - configuration file for **named**
7

SYNOPSIS

9       named.conf
10

DESCRIPTION

12       named.conf is the configuration file for named. Statements are enclosed
13       in braces and terminated with a semi-colon. Clauses in  the  statements
14       are  also  semi-colon  terminated.   The  usual comment styles are sup‐
15       ported:
16
17       C style: /* */
18          C++ style: // to end of line
19
20       Unix style: # to end of line
21
22   ACL
23          acl string { address_match_element; ... };
24
25   CONTROLS
26          controls {
27                inet ( ipv4_address | ipv6_address |
28                    * ) [ port ( integer | * ) ] allow
29                    { address_match_element; ... } [
30                    keys { string; ... } ] [ read-only
31                    boolean ];
32                unix quoted_string perm integer
33                    owner integer group integer [
34                    keys { string; ... } ] [ read-only
35                    boolean ];
36          };
37
38   DLZ
39          dlz string {
40                database string;
41                search boolean;
42          };
43
44   DNSSEC-POLICY
45          dnssec-policy string {
46                dnskey-ttl duration;
47                keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
48                    duration_or_unlimited algorithm string [ integer ]; ... };
49                max-zone-ttl duration;
50                nsec3param [ iterations integer ] [ optout boolean ] [
51                    salt-length integer ];
52                parent-ds-ttl duration;
53                parent-propagation-delay duration;
54                publish-safety duration;
55                purge-keys duration;
56                retire-safety duration;
57                signatures-refresh duration;
58                signatures-validity duration;
59                signatures-validity-dnskey duration;
60                zone-propagation-delay duration;
61          };
62
63   DYNDB
64          dyndb string quoted_string {
65              unspecified-text };
66
67   KEY
68          key string {
69                algorithm string;
70                secret string;
71          };
72
73   LOGGING
74          logging {
75                category string { string; ... };
76                channel string {
77                        buffered boolean;
78                        file quoted_string [ versions ( unlimited | integer ) ]
79                            [ size size ] [ suffix ( increment | timestamp ) ];
80                        null;
81                        print-category boolean;
82                        print-severity boolean;
83                        print-time ( iso8601 | iso8601-utc | local | boolean );
84                        severity log_severity;
85                        stderr;
86                        syslog [ syslog_facility ];
87                };
88          };
89
90   MANAGED-KEYS
91       See DNSSEC-KEYS.
92
93          managed-keys { string ( static-key
94              | initial-key | static-ds |
95              initial-ds ) integer integer
96              integer quoted_string; ... };, deprecated
97
98   MASTERS
99          masters string [ port integer ] [ dscp
100              integer ] { ( remote-servers |
101              ipv4_address [ port integer ] |
102              ipv6_address [ port integer ] ) [ key
103              string ]; ... };
104
105   OPTIONS
106          options {
107                allow-new-zones boolean;
108                allow-notify { address_match_element; ... };
109                allow-query { address_match_element; ... };
110                allow-query-cache { address_match_element; ... };
111                allow-query-cache-on { address_match_element; ... };
112                allow-query-on { address_match_element; ... };
113                allow-recursion { address_match_element; ... };
114                allow-recursion-on { address_match_element; ... };
115                allow-transfer { address_match_element; ... };
116                allow-update { address_match_element; ... };
117                allow-update-forwarding { address_match_element; ... };
118                also-notify [ port integer ] [ dscp integer ] { (
119                    remote-servers | ipv4_address [ port integer ] |
120                    ipv6_address [ port integer ] ) [ key string ]; ... };
121                alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
122                    ] [ dscp integer ];
123                alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
124                    * ) ] [ dscp integer ];
125                answer-cookie boolean;
126                attach-cache string;
127                auth-nxdomain boolean; // default changed
128                auto-dnssec ( allow | maintain | off );
129                automatic-interface-scan boolean;
130                avoid-v4-udp-ports { portrange; ... };
131                avoid-v6-udp-ports { portrange; ... };
132                bindkeys-file quoted_string;
133                blackhole { address_match_element; ... };
134                cache-file quoted_string;// deprecated
135                catalog-zones { zone string [ default-masters [ port integer ]
136                    [ dscp integer ] { ( remote-servers | ipv4_address [ port
137                    integer ] | ipv6_address [ port integer ] ) [ key
138                    string ]; ... } ] [ zone-directory quoted_string ] [
139                    in-memory boolean ] [ min-update-interval duration ]; ... };
140                check-dup-records ( fail | warn | ignore );
141                check-integrity boolean;
142                check-mx ( fail | warn | ignore );
143                check-mx-cname ( fail | warn | ignore );
144                check-names ( primary | master |
145                    secondary | slave | response ) (
146                    fail | warn | ignore );
147                check-sibling boolean;
148                check-spf ( warn | ignore );
149                check-srv-cname ( fail | warn | ignore );
150                check-wildcard boolean;
151                clients-per-query integer;
152                cookie-algorithm ( aes | siphash24 );
153                cookie-secret string;
154                coresize ( default | unlimited | sizeval );
155                datasize ( default | unlimited | sizeval );
156                deny-answer-addresses { address_match_element; ... } [
157                    except-from { string; ... } ];
158                deny-answer-aliases { string; ... } [ except-from { string; ...
159                    } ];
160                dialup ( notify | notify-passive | passive | refresh | boolean );
161                directory quoted_string;
162                disable-algorithms string { string;
163                    ... };
164                disable-ds-digests string { string;
165                    ... };
166                disable-empty-zone string;
167                dns64 netprefix {
168                        break-dnssec boolean;
169                        clients { address_match_element; ... };
170                        exclude { address_match_element; ... };
171                        mapped { address_match_element; ... };
172                        recursive-only boolean;
173                        suffix ipv6_address;
174                };
175                dns64-contact string;
176                dns64-server string;
177                dnskey-sig-validity integer;
178                dnsrps-enable boolean;
179                dnsrps-options { unspecified-text };
180                dnssec-accept-expired boolean;
181                dnssec-dnskey-kskonly boolean;
182                dnssec-loadkeys-interval integer;
183                dnssec-must-be-secure string boolean;
184                dnssec-policy string;
185                dnssec-secure-to-insecure boolean;
186                dnssec-update-mode ( maintain | no-resign );
187                dnssec-validation ( yes | no | auto );
188                dnstap { ( all | auth | client | forwarder | resolver | update ) [
189                    ( query | response ) ]; ... };
190                dnstap-identity ( quoted_string | none | hostname );
191                dnstap-output ( file | unix ) quoted_string [ size ( unlimited |
192                    size ) ] [ versions ( unlimited | integer ) ] [ suffix (
193                    increment | timestamp ) ];
194                dnstap-version ( quoted_string | none );
195                dscp integer;
196                dual-stack-servers [ port integer ] { ( quoted_string [ port
197                    integer ] [ dscp integer ] | ipv4_address [ port
198                    integer ] [ dscp integer ] | ipv6_address [ port
199                    integer ] [ dscp integer ] ); ... };
200                dump-file quoted_string;
201                edns-udp-size integer;
202                empty-contact string;
203                empty-server string;
204                empty-zones-enable boolean;
205                fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
206                fetches-per-server integer [ ( drop | fail ) ];
207                fetches-per-zone integer [ ( drop | fail ) ];
208                files ( default | unlimited | sizeval );
209                flush-zones-on-shutdown boolean;
210                forward ( first | only );
211                forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
212                    | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
213                fstrm-set-buffer-hint integer;
214                fstrm-set-flush-timeout integer;
215                fstrm-set-input-queue-size integer;
216                fstrm-set-output-notify-threshold integer;
217                fstrm-set-output-queue-model ( mpsc | spsc );
218                fstrm-set-output-queue-size integer;
219                fstrm-set-reopen-interval duration;
220                geoip-directory ( quoted_string | none );
221                glue-cache boolean;
222                heartbeat-interval integer;
223                hostname ( quoted_string | none );
224                interface-interval duration;
225                ixfr-from-differences ( primary | master | secondary | slave |
226                    boolean );
227                keep-response-order { address_match_element; ... };
228                key-directory quoted_string;
229                lame-ttl duration;
230                listen-on [ port integer ] [ dscp
231                    integer ] {
232                    address_match_element; ... };
233                listen-on-v6 [ port integer ] [ dscp
234                    integer ] {
235                    address_match_element; ... };
236                lmdb-mapsize sizeval;
237                lock-file ( quoted_string | none );
238                managed-keys-directory quoted_string;
239                masterfile-format ( map | raw | text );
240                masterfile-style ( full | relative );
241                match-mapped-addresses boolean;
242                max-cache-size ( default | unlimited | sizeval | percentage );
243                max-cache-ttl duration;
244                max-clients-per-query integer;
245                max-ixfr-ratio ( unlimited | percentage );
246                max-journal-size ( default | unlimited | sizeval );
247                max-ncache-ttl duration;
248                max-records integer;
249                max-recursion-depth integer;
250                max-recursion-queries integer;
251                max-refresh-time integer;
252                max-retry-time integer;
253                max-rsa-exponent-size integer;
254                max-stale-ttl duration;
255                max-transfer-idle-in integer;
256                max-transfer-idle-out integer;
257                max-transfer-time-in integer;
258                max-transfer-time-out integer;
259                max-udp-size integer;
260                max-zone-ttl ( unlimited | duration );
261                memstatistics boolean;
262                memstatistics-file quoted_string;
263                message-compression boolean;
264                min-cache-ttl duration;
265                min-ncache-ttl duration;
266                min-refresh-time integer;
267                min-retry-time integer;
268                minimal-any boolean;
269                minimal-responses ( no-auth | no-auth-recursive | boolean );
270                multi-master boolean;
271                new-zones-directory quoted_string;
272                no-case-compress { address_match_element; ... };
273                nocookie-udp-size integer;
274                notify ( explicit | master-only | primary-only | boolean );
275                notify-delay integer;
276                notify-rate integer;
277                notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
278                    dscp integer ];
279                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
280                    [ dscp integer ];
281                notify-to-soa boolean;
282                nta-lifetime duration;
283                nta-recheck duration;
284                nxdomain-redirect string;
285                parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
286                    dscp integer ];
287                parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
288                    ] [ dscp integer ];
289                pid-file ( quoted_string | none );
290                port integer;
291                preferred-glue string;
292                prefetch integer [ integer ];
293                provide-ixfr boolean;
294                qname-minimization ( strict | relaxed | disabled | off );
295                query-source ( ( [ address ] ( ipv4_address | * ) [ port (
296                    integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
297                    port ( integer | * ) ) ) [ dscp integer ];
298                query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
299                    integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
300                    port ( integer | * ) ) ) [ dscp integer ];
301                querylog boolean;
302                random-device ( quoted_string | none );
303                rate-limit {
304                        all-per-second integer;
305                        errors-per-second integer;
306                        exempt-clients { address_match_element; ... };
307                        ipv4-prefix-length integer;
308                        ipv6-prefix-length integer;
309                        log-only boolean;
310                        max-table-size integer;
311                        min-table-size integer;
312                        nodata-per-second integer;
313                        nxdomains-per-second integer;
314                        qps-scale integer;
315                        referrals-per-second integer;
316                        responses-per-second integer;
317                        slip integer;
318                        window integer;
319                };
320                recursing-file quoted_string;
321                recursion boolean;
322                recursive-clients integer;
323                request-expire boolean;
324                request-ixfr boolean;
325                request-nsid boolean;
326                require-server-cookie boolean;
327                reserved-sockets integer;
328                resolver-nonbackoff-tries integer;
329                resolver-query-timeout integer;
330                resolver-retry-interval integer;
331                response-padding { address_match_element; ... } block-size
332                    integer;
333                response-policy { zone string [ add-soa boolean ] [ log
334                    boolean ] [ max-policy-ttl duration ] [ min-update-interval
335                    duration ] [ policy ( cname | disabled | drop | given | no-op
336                    | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
337                    recursive-only boolean ] [ nsip-enable boolean ] [
338                    nsdname-enable boolean ]; ... } [ add-soa boolean ] [
339                    break-dnssec boolean ] [ max-policy-ttl duration ] [
340                    min-update-interval duration ] [ min-ns-dots integer ] [
341                    nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
342                    [ recursive-only boolean ] [ nsip-enable boolean ] [
343                    nsdname-enable boolean ] [ dnsrps-enable boolean ] [
344                    dnsrps-options { unspecified-text } ];
345                reuseport boolean;
346                root-delegation-only [ exclude { string; ... } ];
347                root-key-sentinel boolean;
348                rrset-order { [ class string ] [ type string ] [ name
349                    quoted_string ] string string; ... };
350                secroots-file quoted_string;
351                send-cookie boolean;
352                serial-query-rate integer;
353                serial-update-method ( date | increment | unixtime );
354                server-id ( quoted_string | none | hostname );
355                servfail-ttl duration;
356                session-keyalg string;
357                session-keyfile ( quoted_string | none );
358                session-keyname string;
359                sig-signing-nodes integer;
360                sig-signing-signatures integer;
361                sig-signing-type integer;
362                sig-validity-interval integer [ integer ];
363                sortlist { address_match_element; ... };
364                stacksize ( default | unlimited | sizeval );
365                stale-answer-client-timeout ( disabled | off | integer );
366                stale-answer-enable boolean;
367                stale-answer-ttl duration;
368                stale-cache-enable boolean;
369                stale-refresh-time duration;
370                startup-notify-rate integer;
371                statistics-file quoted_string;
372                synth-from-dnssec boolean;
373                tcp-advertised-timeout integer;
374                tcp-clients integer;
375                tcp-idle-timeout integer;
376                tcp-initial-timeout integer;
377                tcp-keepalive-timeout integer;
378                tcp-listen-queue integer;
379                tkey-dhkey quoted_string integer;
380                tkey-domain quoted_string;
381                tkey-gssapi-credential quoted_string;
382                tkey-gssapi-keytab quoted_string;
383                transfer-format ( many-answers | one-answer );
384                transfer-message-size integer;
385                transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
386                    dscp integer ];
387                transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
388                    ] [ dscp integer ];
389                transfers-in integer;
390                transfers-out integer;
391                transfers-per-ns integer;
392                trust-anchor-telemetry boolean; // experimental
393                try-tcp-refresh boolean;
394                update-check-ksk boolean;
395                use-alt-transfer-source boolean;
396                use-v4-udp-ports { portrange; ... };
397                use-v6-udp-ports { portrange; ... };
398                v6-bias integer;
399                validate-except { string; ... };
400                version ( quoted_string | none );
401                zero-no-soa-ttl boolean;
402                zero-no-soa-ttl-cache boolean;
403                zone-statistics ( full | terse | none | boolean );
404          };
405
406   PARENTAL-AGENTS
407          parental-agents string [ port integer ] [
408              dscp integer ] { ( remote-servers |
409              ipv4_address [ port integer ] |
410              ipv6_address [ port integer ] ) [ key
411              string ]; ... };
412
413   PLUGIN
414          plugin ( query ) string [ { unspecified-text
415              } ];
416
417   PRIMARIES
418          primaries string [ port integer ] [ dscp
419              integer ] { ( remote-servers |
420              ipv4_address [ port integer ] |
421              ipv6_address [ port integer ] ) [ key
422              string ]; ... };
423
424   SERVER
425          server netprefix {
426                bogus boolean;
427                edns boolean;
428                edns-udp-size integer;
429                edns-version integer;
430                keys server_key;
431                max-udp-size integer;
432                notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
433                    dscp integer ];
434                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
435                    [ dscp integer ];
436                padding integer;
437                provide-ixfr boolean;
438                query-source ( ( [ address ] ( ipv4_address | * ) [ port (
439                    integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
440                    port ( integer | * ) ) ) [ dscp integer ];
441                query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
442                    integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
443                    port ( integer | * ) ) ) [ dscp integer ];
444                request-expire boolean;
445                request-ixfr boolean;
446                request-nsid boolean;
447                send-cookie boolean;
448                tcp-keepalive boolean;
449                tcp-only boolean;
450                transfer-format ( many-answers | one-answer );
451                transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
452                    dscp integer ];
453                transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
454                    ] [ dscp integer ];
455                transfers integer;
456          };
457
458   STATISTICS-CHANNELS
459          statistics-channels {
460                inet ( ipv4_address | ipv6_address |
461                    * ) [ port ( integer | * ) ] [
462                    allow { address_match_element; ...
463                    } ];
464          };
465
466   TRUST-ANCHORS
467          trust-anchors { string ( static-key |
468              initial-key | static-ds | initial-ds )
469              integer integer integer
470              quoted_string; ... };
471
472   TRUSTED-KEYS
473       Deprecated - see DNSSEC-KEYS.
474
475          trusted-keys { string integer
476              integer integer
477              quoted_string; ... };, deprecated
478
479   VIEW
480          view string [ class ] {
481                allow-new-zones boolean;
482                allow-notify { address_match_element; ... };
483                allow-query { address_match_element; ... };
484                allow-query-cache { address_match_element; ... };
485                allow-query-cache-on { address_match_element; ... };
486                allow-query-on { address_match_element; ... };
487                allow-recursion { address_match_element; ... };
488                allow-recursion-on { address_match_element; ... };
489                allow-transfer { address_match_element; ... };
490                allow-update { address_match_element; ... };
491                allow-update-forwarding { address_match_element; ... };
492                also-notify [ port integer ] [ dscp integer ] { (
493                    remote-servers | ipv4_address [ port integer ] |
494                    ipv6_address [ port integer ] ) [ key string ]; ... };
495                alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
496                    ] [ dscp integer ];
497                alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
498                    * ) ] [ dscp integer ];
499                attach-cache string;
500                auth-nxdomain boolean; // default changed
501                auto-dnssec ( allow | maintain | off );
502                cache-file quoted_string;// deprecated
503                catalog-zones { zone string [ default-masters [ port integer ]
504                    [ dscp integer ] { ( remote-servers | ipv4_address [ port
505                    integer ] | ipv6_address [ port integer ] ) [ key
506                    string ]; ... } ] [ zone-directory quoted_string ] [
507                    in-memory boolean ] [ min-update-interval duration ]; ... };
508                check-dup-records ( fail | warn | ignore );
509                check-integrity boolean;
510                check-mx ( fail | warn | ignore );
511                check-mx-cname ( fail | warn | ignore );
512                check-names ( primary | master |
513                    secondary | slave | response ) (
514                    fail | warn | ignore );
515                check-sibling boolean;
516                check-spf ( warn | ignore );
517                check-srv-cname ( fail | warn | ignore );
518                check-wildcard boolean;
519                clients-per-query integer;
520                deny-answer-addresses { address_match_element; ... } [
521                    except-from { string; ... } ];
522                deny-answer-aliases { string; ... } [ except-from { string; ...
523                    } ];
524                dialup ( notify | notify-passive | passive | refresh | boolean );
525                disable-algorithms string { string;
526                    ... };
527                disable-ds-digests string { string;
528                    ... };
529                disable-empty-zone string;
530                dlz string {
531                        database string;
532                        search boolean;
533                };
534                dns64 netprefix {
535                        break-dnssec boolean;
536                        clients { address_match_element; ... };
537                        exclude { address_match_element; ... };
538                        mapped { address_match_element; ... };
539                        recursive-only boolean;
540                        suffix ipv6_address;
541                };
542                dns64-contact string;
543                dns64-server string;
544                dnskey-sig-validity integer;
545                dnsrps-enable boolean;
546                dnsrps-options { unspecified-text };
547                dnssec-accept-expired boolean;
548                dnssec-dnskey-kskonly boolean;
549                dnssec-loadkeys-interval integer;
550                dnssec-must-be-secure string boolean;
551                dnssec-policy string;
552                dnssec-secure-to-insecure boolean;
553                dnssec-update-mode ( maintain | no-resign );
554                dnssec-validation ( yes | no | auto );
555                dnstap { ( all | auth | client | forwarder | resolver | update ) [
556                    ( query | response ) ]; ... };
557                dual-stack-servers [ port integer ] { ( quoted_string [ port
558                    integer ] [ dscp integer ] | ipv4_address [ port
559                    integer ] [ dscp integer ] | ipv6_address [ port
560                    integer ] [ dscp integer ] ); ... };
561                dyndb string quoted_string {
562                    unspecified-text };
563                edns-udp-size integer;
564                empty-contact string;
565                empty-server string;
566                empty-zones-enable boolean;
567                fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
568                fetches-per-server integer [ ( drop | fail ) ];
569                fetches-per-zone integer [ ( drop | fail ) ];
570                forward ( first | only );
571                forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
572                    | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
573                glue-cache boolean;
574                ixfr-from-differences ( primary | master | secondary | slave |
575                    boolean );
576                key string {
577                        algorithm string;
578                        secret string;
579                };
580                key-directory quoted_string;
581                lame-ttl duration;
582                lmdb-mapsize sizeval;
583                managed-keys { string (
584                    static-key | initial-key
585                    | static-ds | initial-ds
586                    ) integer integer
587                    integer
588                    quoted_string; ... };, deprecated
589                masterfile-format ( map | raw | text );
590                masterfile-style ( full | relative );
591                match-clients { address_match_element; ... };
592                match-destinations { address_match_element; ... };
593                match-recursive-only boolean;
594                max-cache-size ( default | unlimited | sizeval | percentage );
595                max-cache-ttl duration;
596                max-clients-per-query integer;
597                max-ixfr-ratio ( unlimited | percentage );
598                max-journal-size ( default | unlimited | sizeval );
599                max-ncache-ttl duration;
600                max-records integer;
601                max-recursion-depth integer;
602                max-recursion-queries integer;
603                max-refresh-time integer;
604                max-retry-time integer;
605                max-stale-ttl duration;
606                max-transfer-idle-in integer;
607                max-transfer-idle-out integer;
608                max-transfer-time-in integer;
609                max-transfer-time-out integer;
610                max-udp-size integer;
611                max-zone-ttl ( unlimited | duration );
612                message-compression boolean;
613                min-cache-ttl duration;
614                min-ncache-ttl duration;
615                min-refresh-time integer;
616                min-retry-time integer;
617                minimal-any boolean;
618                minimal-responses ( no-auth | no-auth-recursive | boolean );
619                multi-master boolean;
620                new-zones-directory quoted_string;
621                no-case-compress { address_match_element; ... };
622                nocookie-udp-size integer;
623                notify ( explicit | master-only | primary-only | boolean );
624                notify-delay integer;
625                notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
626                    dscp integer ];
627                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
628                    [ dscp integer ];
629                notify-to-soa boolean;
630                nta-lifetime duration;
631                nta-recheck duration;
632                nxdomain-redirect string;
633                parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
634                    dscp integer ];
635                parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
636                    ] [ dscp integer ];
637                plugin ( query ) string [ {
638                    unspecified-text } ];
639                preferred-glue string;
640                prefetch integer [ integer ];
641                provide-ixfr boolean;
642                qname-minimization ( strict | relaxed | disabled | off );
643                query-source ( ( [ address ] ( ipv4_address | * ) [ port (
644                    integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
645                    port ( integer | * ) ) ) [ dscp integer ];
646                query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
647                    integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
648                    port ( integer | * ) ) ) [ dscp integer ];
649                rate-limit {
650                        all-per-second integer;
651                        errors-per-second integer;
652                        exempt-clients { address_match_element; ... };
653                        ipv4-prefix-length integer;
654                        ipv6-prefix-length integer;
655                        log-only boolean;
656                        max-table-size integer;
657                        min-table-size integer;
658                        nodata-per-second integer;
659                        nxdomains-per-second integer;
660                        qps-scale integer;
661                        referrals-per-second integer;
662                        responses-per-second integer;
663                        slip integer;
664                        window integer;
665                };
666                recursion boolean;
667                request-expire boolean;
668                request-ixfr boolean;
669                request-nsid boolean;
670                require-server-cookie boolean;
671                resolver-nonbackoff-tries integer;
672                resolver-query-timeout integer;
673                resolver-retry-interval integer;
674                response-padding { address_match_element; ... } block-size
675                    integer;
676                response-policy { zone string [ add-soa boolean ] [ log
677                    boolean ] [ max-policy-ttl duration ] [ min-update-interval
678                    duration ] [ policy ( cname | disabled | drop | given | no-op
679                    | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
680                    recursive-only boolean ] [ nsip-enable boolean ] [
681                    nsdname-enable boolean ]; ... } [ add-soa boolean ] [
682                    break-dnssec boolean ] [ max-policy-ttl duration ] [
683                    min-update-interval duration ] [ min-ns-dots integer ] [
684                    nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
685                    [ recursive-only boolean ] [ nsip-enable boolean ] [
686                    nsdname-enable boolean ] [ dnsrps-enable boolean ] [
687                    dnsrps-options { unspecified-text } ];
688                root-delegation-only [ exclude { string; ... } ];
689                root-key-sentinel boolean;
690                rrset-order { [ class string ] [ type string ] [ name
691                    quoted_string ] string string; ... };
692                send-cookie boolean;
693                serial-update-method ( date | increment | unixtime );
694                server netprefix {
695                        bogus boolean;
696                        edns boolean;
697                        edns-udp-size integer;
698                        edns-version integer;
699                        keys server_key;
700                        max-udp-size integer;
701                        notify-source ( ipv4_address | * ) [ port ( integer | *
702                            ) ] [ dscp integer ];
703                        notify-source-v6 ( ipv6_address | * ) [ port ( integer
704                            | * ) ] [ dscp integer ];
705                        padding integer;
706                        provide-ixfr boolean;
707                        query-source ( ( [ address ] ( ipv4_address | * ) [ port
708                            ( integer | * ) ] ) | ( [ [ address ] (
709                            ipv4_address | * ) ] port ( integer | * ) ) ) [
710                            dscp integer ];
711                        query-source-v6 ( ( [ address ] ( ipv6_address | * ) [
712                            port ( integer | * ) ] ) | ( [ [ address ] (
713                            ipv6_address | * ) ] port ( integer | * ) ) ) [
714                            dscp integer ];
715                        request-expire boolean;
716                        request-ixfr boolean;
717                        request-nsid boolean;
718                        send-cookie boolean;
719                        tcp-keepalive boolean;
720                        tcp-only boolean;
721                        transfer-format ( many-answers | one-answer );
722                        transfer-source ( ipv4_address | * ) [ port ( integer |
723                            * ) ] [ dscp integer ];
724                        transfer-source-v6 ( ipv6_address | * ) [ port (
725                            integer | * ) ] [ dscp integer ];
726                        transfers integer;
727                };
728                servfail-ttl duration;
729                sig-signing-nodes integer;
730                sig-signing-signatures integer;
731                sig-signing-type integer;
732                sig-validity-interval integer [ integer ];
733                sortlist { address_match_element; ... };
734                stale-answer-client-timeout ( disabled | off | integer );
735                stale-answer-enable boolean;
736                stale-answer-ttl duration;
737                stale-cache-enable boolean;
738                stale-refresh-time duration;
739                synth-from-dnssec boolean;
740                transfer-format ( many-answers | one-answer );
741                transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
742                    dscp integer ];
743                transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
744                    ] [ dscp integer ];
745                trust-anchor-telemetry boolean; // experimental
746                trust-anchors { string ( static-key |
747                    initial-key | static-ds | initial-ds
748                    ) integer integer integer
749                    quoted_string; ... };
750                trusted-keys { string
751                    integer integer
752                    integer
753                    quoted_string; ... };, deprecated
754                try-tcp-refresh boolean;
755                update-check-ksk boolean;
756                use-alt-transfer-source boolean;
757                v6-bias integer;
758                validate-except { string; ... };
759                zero-no-soa-ttl boolean;
760                zero-no-soa-ttl-cache boolean;
761                zone string [ class ] {
762                        allow-notify { address_match_element; ... };
763                        allow-query { address_match_element; ... };
764                        allow-query-on { address_match_element; ... };
765                        allow-transfer { address_match_element; ... };
766                        allow-update { address_match_element; ... };
767                        allow-update-forwarding { address_match_element; ... };
768                        also-notify [ port integer ] [ dscp integer ] { (
769                            remote-servers | ipv4_address [ port integer ] |
770                            ipv6_address [ port integer ] ) [ key string ];
771                            ... };
772                        alt-transfer-source ( ipv4_address | * ) [ port (
773                            integer | * ) ] [ dscp integer ];
774                        alt-transfer-source-v6 ( ipv6_address | * ) [ port (
775                            integer | * ) ] [ dscp integer ];
776                        auto-dnssec ( allow | maintain | off );
777                        check-dup-records ( fail | warn | ignore );
778                        check-integrity boolean;
779                        check-mx ( fail | warn | ignore );
780                        check-mx-cname ( fail | warn | ignore );
781                        check-names ( fail | warn | ignore );
782                        check-sibling boolean;
783                        check-spf ( warn | ignore );
784                        check-srv-cname ( fail | warn | ignore );
785                        check-wildcard boolean;
786                        database string;
787                        delegation-only boolean;
788                        dialup ( notify | notify-passive | passive | refresh |
789                            boolean );
790                        dlz string;
791                        dnskey-sig-validity integer;
792                        dnssec-dnskey-kskonly boolean;
793                        dnssec-loadkeys-interval integer;
794                        dnssec-policy string;
795                        dnssec-secure-to-insecure boolean;
796                        dnssec-update-mode ( maintain | no-resign );
797                        file quoted_string;
798                        forward ( first | only );
799                        forwarders [ port integer ] [ dscp integer ] { (
800                            ipv4_address | ipv6_address ) [ port integer ] [
801                            dscp integer ]; ... };
802                        in-view string;
803                        inline-signing boolean;
804                        ixfr-from-differences boolean;
805                        journal quoted_string;
806                        key-directory quoted_string;
807                        masterfile-format ( map | raw | text );
808                        masterfile-style ( full | relative );
809                        masters [ port integer ] [ dscp integer ] { (
810                            remote-servers | ipv4_address [ port integer ] |
811                            ipv6_address [ port integer ] ) [ key string ];
812                            ... };
813                        max-ixfr-ratio ( unlimited | percentage );
814                        max-journal-size ( default | unlimited | sizeval );
815                        max-records integer;
816                        max-refresh-time integer;
817                        max-retry-time integer;
818                        max-transfer-idle-in integer;
819                        max-transfer-idle-out integer;
820                        max-transfer-time-in integer;
821                        max-transfer-time-out integer;
822                        max-zone-ttl ( unlimited | duration );
823                        min-refresh-time integer;
824                        min-retry-time integer;
825                        multi-master boolean;
826                        notify ( explicit | master-only | primary-only | boolean );
827                        notify-delay integer;
828                        notify-source ( ipv4_address | * ) [ port ( integer | *
829                            ) ] [ dscp integer ];
830                        notify-source-v6 ( ipv6_address | * ) [ port ( integer
831                            | * ) ] [ dscp integer ];
832                        notify-to-soa boolean;
833                        parental-agents [ port integer ] [ dscp integer ] { (
834                            remote-servers | ipv4_address [ port integer ] |
835                            ipv6_address [ port integer ] ) [ key string ];
836                            ... };
837                        parental-source ( ipv4_address | * ) [ port ( integer |
838                            * ) ] [ dscp integer ];
839                        parental-source-v6 ( ipv6_address | * ) [ port (
840                            integer | * ) ] [ dscp integer ];
841                        primaries [ port integer ] [ dscp integer ] { (
842                            remote-servers | ipv4_address [ port integer ] |
843                            ipv6_address [ port integer ] ) [ key string ];
844                            ... };
845                        request-expire boolean;
846                        request-ixfr boolean;
847                        serial-update-method ( date | increment | unixtime );
848                        server-addresses { ( ipv4_address | ipv6_address ); ... };
849                        server-names { string; ... };
850                        sig-signing-nodes integer;
851                        sig-signing-signatures integer;
852                        sig-signing-type integer;
853                        sig-validity-interval integer [ integer ];
854                        transfer-source ( ipv4_address | * ) [ port ( integer |
855                            * ) ] [ dscp integer ];
856                        transfer-source-v6 ( ipv6_address | * ) [ port (
857                            integer | * ) ] [ dscp integer ];
858                        try-tcp-refresh boolean;
859                        type ( primary | master | secondary | slave | mirror |
860                            delegation-only | forward | hint | redirect |
861                            static-stub | stub );
862                        update-check-ksk boolean;
863                        update-policy ( local | { ( deny | grant ) string (
864                            6to4-self | external | krb5-self | krb5-selfsub |
865                            krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
866                            name | self | selfsub | selfwild | subdomain | tcp-self
867                            | wildcard | zonesub ) [ string ] rrtypelist; ... };
868                        use-alt-transfer-source boolean;
869                        zero-no-soa-ttl boolean;
870                        zone-statistics ( full | terse | none | boolean );
871                };
872                zone-statistics ( full | terse | none | boolean );
873          };
874
875   ZONE
876          zone string [ class ] {
877                allow-notify { address_match_element; ... };
878                allow-query { address_match_element; ... };
879                allow-query-on { address_match_element; ... };
880                allow-transfer { address_match_element; ... };
881                allow-update { address_match_element; ... };
882                allow-update-forwarding { address_match_element; ... };
883                also-notify [ port integer ] [ dscp integer ] { (
884                    remote-servers | ipv4_address [ port integer ] |
885                    ipv6_address [ port integer ] ) [ key string ]; ... };
886                alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
887                    ] [ dscp integer ];
888                alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
889                    * ) ] [ dscp integer ];
890                auto-dnssec ( allow | maintain | off );
891                check-dup-records ( fail | warn | ignore );
892                check-integrity boolean;
893                check-mx ( fail | warn | ignore );
894                check-mx-cname ( fail | warn | ignore );
895                check-names ( fail | warn | ignore );
896                check-sibling boolean;
897                check-spf ( warn | ignore );
898                check-srv-cname ( fail | warn | ignore );
899                check-wildcard boolean;
900                database string;
901                delegation-only boolean;
902                dialup ( notify | notify-passive | passive | refresh | boolean );
903                dlz string;
904                dnskey-sig-validity integer;
905                dnssec-dnskey-kskonly boolean;
906                dnssec-loadkeys-interval integer;
907                dnssec-policy string;
908                dnssec-secure-to-insecure boolean;
909                dnssec-update-mode ( maintain | no-resign );
910                file quoted_string;
911                forward ( first | only );
912                forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
913                    | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
914                in-view string;
915                inline-signing boolean;
916                ixfr-from-differences boolean;
917                journal quoted_string;
918                key-directory quoted_string;
919                masterfile-format ( map | raw | text );
920                masterfile-style ( full | relative );
921                masters [ port integer ] [ dscp integer ] { ( remote-servers
922                    | ipv4_address [ port integer ] | ipv6_address [ port
923                    integer ] ) [ key string ]; ... };
924                max-ixfr-ratio ( unlimited | percentage );
925                max-journal-size ( default | unlimited | sizeval );
926                max-records integer;
927                max-refresh-time integer;
928                max-retry-time integer;
929                max-transfer-idle-in integer;
930                max-transfer-idle-out integer;
931                max-transfer-time-in integer;
932                max-transfer-time-out integer;
933                max-zone-ttl ( unlimited | duration );
934                min-refresh-time integer;
935                min-retry-time integer;
936                multi-master boolean;
937                notify ( explicit | master-only | primary-only | boolean );
938                notify-delay integer;
939                notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
940                    dscp integer ];
941                notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
942                    [ dscp integer ];
943                notify-to-soa boolean;
944                parental-agents [ port integer ] [ dscp integer ] { (
945                    remote-servers | ipv4_address [ port integer ] |
946                    ipv6_address [ port integer ] ) [ key string ]; ... };
947                parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
948                    dscp integer ];
949                parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
950                    ] [ dscp integer ];
951                primaries [ port integer ] [ dscp integer ] { (
952                    remote-servers | ipv4_address [ port integer ] |
953                    ipv6_address [ port integer ] ) [ key string ]; ... };
954                request-expire boolean;
955                request-ixfr boolean;
956                serial-update-method ( date | increment | unixtime );
957                server-addresses { ( ipv4_address | ipv6_address ); ... };
958                server-names { string; ... };
959                sig-signing-nodes integer;
960                sig-signing-signatures integer;
961                sig-signing-type integer;
962                sig-validity-interval integer [ integer ];
963                transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
964                    dscp integer ];
965                transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
966                    ] [ dscp integer ];
967                try-tcp-refresh boolean;
968                type ( primary | master | secondary | slave | mirror |
969                    delegation-only | forward | hint | redirect | static-stub |
970                    stub );
971                update-check-ksk boolean;
972                update-policy ( local | { ( deny | grant ) string ( 6to4-self |
973                    external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
974                    | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
975                    | subdomain | tcp-self | wildcard | zonesub ) [ string ]
976                    rrtypelist; ... };
977                use-alt-transfer-source boolean;
978                zero-no-soa-ttl boolean;
979                zone-statistics ( full | terse | none | boolean );
980          };
981

FILES

983       /etc/named.conf
984

SEE ALSO

986       ddns-confgen(8),  named(8),  named-checkconf(8),  rndc(8),   rndc-conf‐
987       gen(8), BIND 9 Administrator Reference Manual.
988

AUTHOR

990       Internet Systems Consortium
991
993       2022, Internet Systems Consortium
994
995
996
997
9989.16.30-RH                                                       NAMED.CONF(5)
Impressum